Borderlands 3 Fabricator Gun ItemPool Selector

[Vovics]

Using this table you can change ItemPool, used when you fire Fabricator Gun.
You can receive large amount of Legendary Items, Eridium and Money.
By choosing right ItemPool, Fabricator Gun will spawn Loot of choosen type (for example, only Legendary Shields), let you roll again and again, to receive better equipment.

Just like:


How to use:
Run Borderlands 3, load map (press Continue).
Start Cheat Engine, open Borderlands3.exe.
Load this table into Cheat Engine.
Click on checkbox to enable Script.
Select itemPool from drop-down table (double click value cell).
Fire your Fabricator Gun.

Tested on current version (27.04.2020) Borderlands3 from Steam. But i guess it will work on different versions.

How to use this cheat table?

1. Install Cheat Engine
2. Double-click the .CT file in order to open it.
3. Click the PC icon in Cheat Engine in order to select the game process.
4. Keep the list.
5. Activate the trainer options by checking boxes or setting values from 0 to 1

[sebastianyyz]

Thanks so much for the table.

[Manji]

works damn fine!!!! very nice!

anybody here who knows the loot pool of the O.P.Q System from the Cartell Event? ^^

[SunBeam]

Quick tip: you could use --[[ --]] (using ]] works as well, without the -- in the end) in Lua to mark whole blocks of text:

Code: Select all

--14153810E - CC                    - int 3
--14153810F - CC                    - int 3
--141538110 - 48 83 EC 28           - sub rsp,28 { 40 }
--141538114 - 48 8B 05 4D261005     - mov rax,[14663A768] { (04450080) }
--14153811B - 48 85 C0              - test rax,rax
--14153811E - 75 5F                 - jne 14153817F
--141538120 - B9 08040000           - mov ecx,00000408 { 1032 }
--141538125 - 48 89 5C 24 20        - mov [rsp+20],rbx
--14153812A - E8 B1A300FF           - call Borderlands3.AK::WriteBytesMem::SetCount+B930
--14153812F - 48 8B D8              - mov rbx,rax
--141538132 - 48 85 C0              - test rax,rax
--141538135 - 74 38                 - je 14153816F
--141538137 - C7 80 00040000 00000000 - mov [rax+00000400],00000000 { 0 }

to

Code: Select all

--[[
14153810E - CC                    - int 3
14153810F - CC                    - int 3
141538110 - 48 83 EC 28           - sub rsp,28 { 40 }
141538114 - 48 8B 05 4D261005     - mov rax,[14663A768] { (04450080) }
14153811B - 48 85 C0              - test rax,rax
14153811E - 75 5F                 - jne 14153817F
141538120 - B9 08040000           - mov ecx,00000408 { 1032 }
141538125 - 48 89 5C 24 20        - mov [rsp+20],rbx
14153812A - E8 B1A300FF           - call Borderlands3.AK::WriteBytesMem::SetCount+B930
14153812F - 48 8B D8              - mov rbx,rax
141538132 - 48 85 C0              - test rax,rax
141538135 - 74 38                 - je 14153816F
141538137 - C7 80 00040000 00000000 - mov [rax+00000400],00000000 { 0 }
]]

[Manji]

since i wrote in this topic i had time to think more about this table and how to get the input i'd like to use.
well, it's a question and a thought. the question goes to the OP:
when the game gets content updates, will you just upload a new table with an even larger (unsorted?) item pool dropdown menu that is just like a copied string value?

that question lead my thoughts to you, SunBeam.
first: no offense! but your whole BL3 project wasn't on my radar anymore, because for me it always stood for "EGS", that i just didn't support when the game released last year.
so when i saw the title of this topic, just one feature of all the BL3-CE-table-features out there i really wanted to try out. who cares about godmodes or money, just get better in the game and play it more often. but being able to just manipulate the fabricator pulled me in here.
so while being offline i DID remember the dump thingie of your work. and i thought "what if i just try SunBeams dump mechanic on my steam version and if it works i might have a list that shows me what could be spawned with what pool string."
well, it might be a naive thought. not sure ^^

so: what can i do now, could your dumper work on the steam version?

"learn ASM, learn how to do this stuff for yourself" xD i can hear you yell, SunBeam! followed some of your articles and i liked them.

[SunBeam]

...

Manji, someone reported the DLL crashed for them on Steam. So I dunno, try it out and please confirm. Just make sure you're at least at main menu when you run the injector, please. Anytime before that the crash will surely happen

...

I took a look at the original table from the BL3 Discord and wanted to see how much is his work, how much the original author's. I must say all that Lua code is nice to inspect and figure out how it works If this is your work alone, then kudos to you, Vovics! This is when you'll see something unusual I would like to kindly request permission to use/reuse some of the Lua logic (functions, adapted) in there for other games or projects of mine, as I start appreciating Lua more and more for what it's capable of doing.

So, Vovics, would you mind if I reuse some of the Lua stuff in the future?

EDIT: Some more tips You may use them if you like:

Code: Select all

local ptr2=tonumber('0x'..ptr1[0])
local z=readBytes(ptr2+7,4, true)
local z2=byteTableToDword(z)

to

Code: Select all

local ptr2=tonumber(ptr1[0], 16) + 0x4 -- to offset to where you want to read the FNamesArray pointer
--[[
Borderlands3.exe+15E3FB0 - 48 83 EC 28           - sub rsp,28 // 4 bytes here
Borderlands3.exe+15E3FB4 - 48 8B 05 AD853A05     - mov rax,[Borderlands3.exe+698C568]
]]
local z2=ptr2 + readInteger( ptr2 + 0x3, true ) + 0x7 -- this gives you the computed address directly, without the need to do readBytes + byteTableToDword
-- formula is dest = rip + readInteger( rip + offset_to_dw, signed ) + size_of_operand
-- rip = Borderlands3.exe+15E3FB4 (that's why we do "ptr2=tonumber(ptr1[0], 16) + 0x4")
-- offset_to_dw = 3 (48 8B 05 xx xx xx xx ); 48 is at offset 0, 8B is at offset 1, 05 is at offset 2, first byte in the dword at offset 3
-- signed = true, cuz we want this, as unsigned causes issues with ASLR
-- size_of_operand = 7 (48 8B 05 xx xx xx xx = 7 bytes)

[Vovics]

anybody here who knows the loot pool of the O.P.Q System from the Cartell Event? ^^

Need to load ItemPools first - travel to Villa Ultraviolet.
Then enable script again and select "ItemPool_Event02_*"

Update - i check this again and looks like some pools working only in boss room.

[Vovics]

I took a look at the original table from the BL3 Discord and wanted to see how much is his work, how much the original author's. I must say all that Lua code is nice to inspect and figure out how it works If this is your work alone, then kudos to you, Vovics! This is when you'll see something unusual I would like to kindly request permission to use/reuse some of the Lua logic (functions, adapted) in there for other games or projects of mine, as I start appreciating Lua more and more for what it's capable of doing.

So, Vovics, would you mind if I reuse some of the Lua stuff in the future?

EDIT: Some more tips You may use them if you like:

Thanks for your tips, i will use them

Sure, you can reuse any part of this script. That was the main reason i share it.
Whole script is my own work, just use the ideas from discord table with big help from object dumper .dll to check names and addresses.

That was a way for me to deep learn Cheat Engine. Before i use ArtMoney and had bad times, when i searching chains of pointers. Cheat Engine do this job for me. Great Program! And then i found Lua integrated... Also before, i use Visual C++ to create trainers for games, but lua in Cheat Engine is so much comfortable.

[Vovics]

when the game gets content updates, will you just upload a new table with an even larger (unsorted?) item pool dropdown menu that is just like a copied string value?

Current version of script not doing auto checking/reloading tables. Need to disable/enable script on every map changes.
Yes, it just copy addresses and names of ItemPool's UE objects and build string from that information for dropdown menu. No sorting on this stage. I think about sort array before write to string, but found that unsorted list is helpfull in some cases.

[Manji]

Manji, someone reported the DLL crashed for them on Steam. So I dunno, try it out and please confirm. Just make sure you're at least at main menu when you run the injector, please. Anytime before that the crash will surely happen :)

can confirm: latest version of your dumper works. just kept to the instructions ;)
files are there, re-dumping works as well. digging into the objects file reveals the item pools.

Need to load ItemPools first - travel to Villa Ultraviolet.
Then enable script again and select "ItemPool_Event02_*"

Update - i check this again and looks like some pools working only in boss room.

Thank you, sir! Worked wonders and now i could go item "hunting" with enough RNG for variety :)
found one pool that let the fabricator shoot more fabricators xD

[Roland]

Hello and thank you for your work! I'm trying to spawn [URL='https://borderlands.fandom.com/wiki/Kaoson']Kaoson[/URL] from the Captain Trunt loot pool. It works pretty well but it's giving me low damage versions from mode Mayhem 6, despite i'm on Mayhem 10. I spawned like 20 of his loot pools and all of them are still low dps. Anyway to get high-tier versions with this spawner? It still gives me only lvl 57 weapons, not lower. But for some reason their DPS is from the lowest diffculty possible

[Manji]

[QUOTE="Roland, post: 136765, member: 41984"]

[...] it's giving me low damage versions from mode Mayhem 6, despite i'm on Mayhem 10. [...]

[/QUOTE]

it should not even give you M6 grade dmg weapons but M0 weapons. with the mayhem 2.0 patch all weapons dropped in mayhem mode may have a "mayhem-part".

e.g. on mayhem 8 your lvl 57 kaoson can drop with the mayhem-8-part. so it will do more dmg than weapons dropped on lower M level. but only IF the part is there.

all weapons created with the fabricator spawns without mayhem-part. doesn't matter in what mayhem level you use it.

so if you want to "compare" weapons, spawn some, enter the save editor and add yourself the mayhem-10-part in their anointment tab. save, fix part oders, import modified save, compare.

there are some QoL patches inbound for this game, e.g. you will see the mayhem level in the item card.

[Roland]

[QUOTE="Manji, post: 136816, member: 265"]

...

[/QUOTE]

ty for the info, ended up in editing my save and adding parts I need. Was much easier way then spawning a lot of SMG and trying to find a good one

[Marto_polo]

This table works a charm but the spawned gunguns are unaffected by the table. I broke mine by losing my original when I was selling off the dupes



edit: fixed by redownloading the file, mybad gois



edit: ran into the same peoblem again but its unfixable this time, I dont know if it's just trying to use the same address as last time